A photo from the We For Health Collection
-

Privacy policy

Introduction

GC-Legal, operated by Extension Ltd., a Rwanda company (“we”, “our”, “us”) is committed to safeguarding your privacy and ensuring the security of your personal data.This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you interact with our website or engage our legal services.Our practices are guided by the Law Nº 058/2021 of 13/10/2021 Relating to the Protection of Personal Data and Privacy in Rwanda (‘DPA’). We are registered with the Rwanda Data Protection Office (DPO) as a data controller and data processor.This registration demonstrates our commitment to upholding the highest standards of data protection and privacy.

What Personal Data We Collect

We may collect and process the following categories of personal data:

  • Identification information (such as your name, date of birth, and identification numbers)

  • Contact details (such as your address, email address, and telephone number)

  • Credentials (such as usernames, passwords and login information)

  • Financial Information (payment details for processing invoices)

  • Device Information (such as IP addresses, device and application identifier, location)

  • Analytics (such as website usage, and pages viewed before and after accessing our website)

  • Professional, (such as educational, and employment information and history)

  • Recordings (such as meeting and call recordings)

  • Information related to your legal matters or enquiries

  • Any other information you provide to us in the course of our professional relationship or through our website (such as information voluntarily submitted to us or as part of any KYC/AML processes on our part)

How We Collect Your Personal Data

We collect personal data directly from you when you:

  • Contact us via our website, email, telephone, or in person

  • Engage our legal services

  • Subscribe to our newsletters or updates

  • Submit an enquiry or request information

We may also collect personal data from publicly available sources or third parties where necessary and appropriate.

While most of the personal information we process is provided to us directly by you , we also receive personal information indirectly, from the following sources in the following scenarios:

  • We utilize Cookies within our website (for more details, see the section titled “Cookies”, below). Cookies help us understand how you interact with our website and services, enabling us to provide a more personalized and seamless experience for you.

  • If you’re using a location-enabled browser, we might gain access to information regarding your geographical location and, if applicable, details related to your mobile device. This provides us with the ability to offer content that’s relevant to your specific location and to enhance our services based on the devices you’re using.

  • We may also collect information from third parties, including service providers.

  • As you navigate through our website, we collect certain information. This includes your Internet Protocol (IP) address, personal user settings, MAC address, cookie identifiers, details of your mobile carrier, unique identifiers related to mobile advertising, and information about your browser or device. We also gather data about the Internet Service Provider you’re using. In addition, we automatically collect data relating to your interaction with our website. This encompasses the pages you visit before, during, and after using our website, the links you click on, the types of content you interact with, along with the frequency and duration of your activities. This comprehensive data collection allows us to better understand your usage patterns and preferences, which in turn helps us to enhance our website and our services.

Purposes for Processing Your Personal Data

We process your personal data for the following purposes:

  • Account Administration: We use personal data for creating and managing your account, ensuring seamless user experience. Transaction Processing: Your data aids us in processing orders, transactions, and handling billing and payments.

  • Service Provision: We utilize your personal data to fulfill your requests for products, services, or information.

  • User Support: Your data allows us to offer comprehensive assistance and support related to our services.

  • Service Enhancement: We use personal data to refine our services, encompassing elements such as testing, research, internal analytics, and product development.

  • Personalization: By understanding your preferences, we can personalize our services, website content, and communications.

  • Location-Based Content: By collecting data about your geographical location, we can provide content and services relevant to your specific location.

  • User Interaction and Engagement Analysis: By tracking the pages you visit, the links you click, the content you interact with, and the frequency and duration of your activities, we gain insights into your usage patterns and engagement. This helps us understand which parts of our website are most engaging and useful to our users, and improve areas that are not meeting user expectations.

  • Engagement Analysis: We use your personal data to gauge interest and engagement levels in our services.

  • Security and Fraud Prevention: Your data is crucial in conducting fraud protection measures, maintaining security, and debugging efforts.

  • Marketing and Communication: Personal data helps us in marketing our services, presenting tailored advertisements, and communicating about your account or any activities on our services, along with other administrative matters such as policy updates.

  • Legal and Business Obligations: We utilize personal data to fulfill our legal obligations, protect rights and safety, enforce agreements, respond to claims, resolve disputes, pursue business development initiatives, run our firm’s operational processes including recruitment, maintain and develop our business relationships, identify services of potential interest, and process and respond to requests, enquiries or complaints.

Legal Basis for Processing

We process your personal data based on one or more of the following in accordance with the DPA:

  • Your consent. You are able to remove your consent at any time. You can do this by contacting contact@GC-legal.com

  • The necessity to perform a contract with you or to take steps at your request prior to entering into a contract

  • Compliance with our legal obligations

  • Our legitimate interests, provided these do not override your rights and freedoms

Your Rights

You have the following rights regarding your personal data under the law (the DPA):

  • The right to access your personal data and receive a copy

  • The right to request correction of inaccurate or incomplete data

  • The right to request erasure of your personal data in certain circumstances

  • The right to object to or restrict the processing of your personal data

  • The right to withdraw your consent at any time, where processing is based on consent

  • The right to request the transfer of your personal data to another service provider

  • The right to lodge a complaint with the supervisory authority, the Rwandan DPO.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, alteration, or destruction.Access to your personal data is restricted to those who need it for legitimate business purposes.

Data Sharing and Transfers

We do not sell your personal data. We may share your personal data with:

  • Our staff, consultants, service providers, advisors, sub-contractors as well as any other person who require the information to provide services to you.

  • Our affiliates (meaning entities under common control with us, controlled by us or that we control), other entity that we may be required to share information with for the purposes of providing services to you or fulfilling our legal obligations.

  • Third-party service providers who assist us in operating our business, subject to confidentiality obligations

  • Regulatory authorities, courts, or law enforcement agencies where required by law or in connection with legal proceedings.

If it is necessary to transfer your personal data outside Rwanda, we will ensure that appropriate safeguards are in place to protect your data.

Data Storage

Your personal data will primarily be stored within Rwanda. However, for data hosting, backup, or operational purposes, your personal data may be stored or processed on secure servers located outside Rwanda. Where we store your data outside Rwanda, we ensure that such storage is subject to appropriate safeguards and security measures to protect your personal data.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal and regulatory requirements, or as otherwise required for legitimate business purposes.When your data is no longer required, it will be securely deleted or destroyed.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights or complain, please contact us at:

GC-Legal
hello@gc-legal.rw

Email Address: hello@gc-legal.rw
[Telephone Number]

Contact DPO

If you have any concerns about our use of your personal information, you can make a complaint to the DPO.

The DPO’s address:

Rwanda’s Data Protection Office

Street: 21 KG 7 Ave, Kacyiru

A&P Building, Ground Floor

Kigali - Rwanda

Email address: complaint@dpo.gov.rw

Helpline number: +250 782 847 756

Toll-free: 9080

DPO website: https://dpo.gov.rw

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website and will take effect upon posting.

Effective Date: 22 May 2025